Quality and
Security

We are a member of Dansk Management Råd (DMR), a subdivision of the Confederation of Danish Industry (DI), because we are constantly conscious of evolving, and because:

• We wish to guarantee our clients a high degree of ethics and quality. To that end we work in accordance with a common Industry Code.
• We want to ensure our clients the best consultancy investment.

Data Security

We treat personal data with strict confidentiality, which is why MINDWEISS A/S is approved by the Danish Data Protection Agency vis-à-vis processing of personal data.

Privacy policy

Introduction

We are committed to protecting the confidentiality, integrity and accessibility of the data of our clients, suppliers, partners and employees. That includes personal data. Protection of personal data is essential to us, and we are constantly working to ensure compliance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR).

When MINDWEISS A/S processes personal data in the context of providing consultancy services, we regard ourselves as a data processor, since we process personal data on behalf of our clients and in accordance with the client’s instructions. The client and MINDWEISS A/S enter into a data processing agreement with instructions and terms and conditions for MINDWEISS A/S’s processing of personal data.

This Privacy Policy also contains information about MINDWEISS A/S’s processing of personal data, when we are data controllers. This includes the collection and processing of data when hiring employees in MINDWEISS A/S. You can find more information on this subject below.

Our Processing Activities

Below you can read more about the categories of personal data we process and for what purposes, and on what legal basis we do so.

Collaboration with Clients

We collect and process personal data in the context of collaborating with our clients. We only collect personal data that is necessary for the agreed purposes, and we only ask our clients to share personal data with us that is necessary for those purposes.

In general, we only process general– non-sensitive – personal data, including the name, address, telephone number and email address of clients and client owners, and the name, title, telephone number and email address of any contacts with the client.

We also collect data about our clients and our clients’ managerial matters for general client contact and administration.

We process personal data for the purpose of fulfilling our agreement with our client. This includes:

• Performing tasks necessary to provide the agreed services to the client.
• Recording the time spent and issuing an invoice.
• Assuring quality and monitoring the progress of the project.

Processing is also necessary for MINDWEISS A/S to be able to exercise a legitimate interest in the administration, management and development of our business and services, including:

• Strengthening our relationship with clients.
• Developing our business and services (for example, identifying client needs and improving service delivery), managing the operation and maintenance of IT systems that are delivered for, or used as part of servicing a client and hosting systems.
• Administration and management of our website, systems and applications.
• Implementation of statistical processing and business development.

Candidates

In the context of dealing with candidates and their personal data, the same principle applies. We only collect data that is considered necessary for the overall purpose which, in this instance, is to facilitate relevant candidate profiles for the position in question, which the client wishes to fill. We never collect and share data about a candidate without informing him or her about the process beforehand. In this respect, an application submitted to MINDWEISS A/S by the actual candidate is regarded as consent to the processing of the data s/he has submitted. All personal data that is collected about candidates is deleted two years after the recruitment process is completed.

Suppliers and Partners

We collect and process personal information about our suppliers and partners, including personal data about their employees. We process data for contract management and for receiving goods and services.

Visitors to Our Offices

We collect and process personal data about visitors, including clients and other guests (this is done in Outlook calendar information).

Visitors for Implementing the Consultancy Group’s Websites

We process personal data if a subscription to an event or newsletter is submitted via the MINDWEISS A/S website. Only data (name, company name, job title, email address and telephone number), which MINDWEISS A/S needs in order to provide participants/subscribers with the best experience vis-à-vis their interaction with MINDWEISS A/S is required.

The data is stored on an internal server behind the MINDWEISS A/S firewall and is only available to people whose work makes it necessary to access this data. The data is stored as long as it is commercially relevant to MINDWEISS A/S or until the data subject requests deletion of the data.

Use of Cookies on Our Websites

We use cookies on our websites to optimise the user experience. This will save some of your past choices and entries on the website in order to make your experience more personal and user friendly. We use Google Analytics to analyse how you use our website. We receive reports of your activity on our websites from Google Analytics.

Google Analytics specifies two types of cookies:

1. A permanent cookie that indicates whether the user is returning to the site, where the user is coming from, the search engine being used etc. Permanent cookies are stored on the hard drive until they expire or until you manually delete them.
2. Session cookies, which are used to show when and how long a user is on a site. Session cookies expire after each session: in other words, when you close the tab or browser. Google Analytics does not correlate your IP address with other data it contains.

How to Disable Cookies

You can disable cookies on your computer by changing the appropriate settings in your browser. Only you can view, change or delete these cookies, since they are stored on your device. However, we hope that you will enable the cookies we set, since they help us make your experience on our website better and more personal.

Registration for Courses at MINDWEISS A/S

We use your personal data when you sign up for one of our courses.

We use your personal data to ensure the standard and quality of our services. This is in accordance with current legislation. We only process data that is necessary in relation to our work as a provider of training programmes and courses. The purpose plays a crucial role in determining the type of personal data that is relevant and the extent of personal data. We only use the required amount of data.

To ensure that we only process personal information necessary for course registration, we have prepared data protection procedures to ensure the protection of your data. To protect your data from unauthorised use, we use solutions that ensure that data is only available to employees whose work makes it necessary to access this data. When you register your company for a course, according to the terms of our contract you accept our processing of the personal information you provide in the context of the course. Your personal data will be deleted when we no longer have a legitimate reason to store it.

Security of Processing

Data security is a top priority during implementation. We take information security seriously and professionally, and we base our work on internationally recognised security standards. We have implemented security measures to ensure the data protection of client data, personal data and other confidential data by always keeping our IT devices updated with relevant security equipment, including firewall and antivirus programmes. We also conduct regular internal follow-ups in relation to policies and measures that are adequate and complied with.

Source

MINDWEISS A/S collects personal data directly from you and/or third parties, such as our clients or from public authorities.

Personal Data Collection Tools

In the context of collecting personal data for the various points of contact described above, we use the following data storage platforms:

Outlook Mail + Calendar

LinkedIn

OneDrive

Skyview

Survey Monkey

ActiveCampaign

HR Manager

www.mindwiess.dk

Testing systems (Integro, Master Danmark, People Test Systems)

Disclosure of Personal Data

We only disclose personal information data when there are legal reasons to do so.

Other Third Parties Providing Goods or Services

We occasionally use other third parties, such as subcontractors, in the context of providing our services. Such third parties may access personal data in order to provide the agreed service. The implementation is part of data processing agreements that are necessary to ensure the security of data protection and compliance with our data protection obligations.

MINDWEISS A/S also uses sub data processors as part of our daily IT operations. This means that personal data is processed by MINDWEISS A/S’s sub data processors. These sub data processors are located within the EU. Data processing agreements exist between MINDWEISS A/S and all sub data processors to ensure that all processing is in accordance with MINDWEISS A/S’s instructions and is subject to the necessary security requirements.

Public Authorities or Third Parties, as Required by, and in Accordance with Applicable Laws or Regulations

As part of our work, it may be necessary to share personal data with public authorities etc. This will only happen if, and to the extent required by applicable law and always takes place within the framework of the applicable data protection regulation.

Disclosure and Deletion of Personal Data

Personal data is stored in accordance with appropriate technical and organisational measures to ensure an adequate level of security. In general, we delete personal data five years after the end of the project, unless there are special circumstances that make it relevant to continue storing the personal data. Client data is stored only as long as a client relationship exists. Client data is deleted five years after completion of the latest project for the client. Personal data that is collected about candidates is deleted two years after the recruitment process is completed.

Your Rights When Registering

Once registered, you have certain rights under the General Data Protection Regulation. Your rights can be summarised as follows:

The right of access to documents You have the right to access the personal data about you that we process.

1. The right to have incorrect personal data amended. You have the right to have incorrect personal data about you amended without undue delay.
2. The right to have personal data deleted. Where applicable, you have the right to have your personal data deleted at an earlier date than when our ordinary deletion takes place.
3. The right to limit data processing. Where applicable, you have the right to limit our processing of your personal data. In such cases, we can only process your data with your consent or in some very specific situations as described in the Personal Data Regulation.
4. The right to oppose personal data, if the processing is based on Article 6 (1) (e) and (f). In such cases, we may only process your personal data if we are able to demonstrate compelling legitimate reasons for doing so.
5. The right to data transfer. You have the right to receive your personal data in a structured, commonly used and machine-readable format. You may also request us to transfer your personal data to another data controller without impediment.

For further information on your rights when registered, please consult the website of the Danish Data Protection Agency (www.datatilsynet.dk), where you will find additional guidelines.

When we process personal data based on your consent, you have the right to withdraw that consent at any time. Contact us to consent to our processing of your personal data.

Changes to this Privacy Policy

We recognise that transparency is an ongoing responsibility. Accordingly, we will regularly review and update this Privacy Policy.

Contact

Please contact us if you would like to exercise your rights as described above, or if you have any questions about our processing of your personal data or this Privacy Policy.

The data management is:

MINDWEISS A/S

Company Registration (CVR) No.: 26463130

Att.: Managing Partner, Marc Dulong

Gersosnvej 33

DK-2900 Hellerup

Tel. (+45) 70 26 27 17

Complaints

If you wish to complain about our processing of personal data, please send an email with the details of your complaint to md@mindweiss.com. We will process your complaint and get back to you.

You also have the right to file a complaint about your rights and MINDWEISS A/S’s processing of your personal data with the Danish Data Protection Agency. For further information on how to file a complaint with the Danish Data Protection Agency, please consult their website: www.datatilsynet.dk.

Statutory Rules

The applicable statutory rules for the implementation of your personal data can be found in:

• Personal Data Processing Act (until 25 May 2018).
• General Data Protection Regulation (GDPR) (after 25 May 2018).

The Danish Data Protection Act (after 25 May 2018).